Tds slow scan time ?

Discussion in 'Trojan Defence Suite' started by blazin, May 16, 2003.

Thread Status:
Not open for further replies.
  1. blazin

    blazin Guest

    I just got TDS-3 and ran a full system scan and was wandering if its suppose to take real long like it did with me. When i run trojan hunter full system scan its a looot faster than tds. Whats the difference why does it take longer o_O
    thanks
     
  2. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    TDS-3 does take longer than Trojan Hunter to do a full system scan.
    I use both programs also. ;)

    I'm sure that someone with more knowledge about how TDS-3 works specifically will be along to answer your question.

    I personally don't mind the longer scan time at all.
     
  3. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Welcome Blazin!
    All depends on configuration, windows system, system speed, what's on it, which windows version you're using, if you checked all options to look even for trojan clients (editors) and worm slider on highest sensitivity, memory space scan, deep analysis for the NTFS streams, etc etc etc.
    If i just do a quick scan for just the logical drives and not inside archives and memory and all those heuristics i can be ready in short time, but i'm used to go to the deepest, everything checked, highest sensitivity, also looking for eventual editors etc etc etc Then it depends of course on the engine used, how it works:
    if you use a taskmanager like Faber Toys or other nice tools posted in the forums here frequently you see TDS is scanning multy threaded, the Full System Scan is trying to use as much CPU space as possible during that process to speed up the deep scanning: we do know that is the heaviest process and for this reason during that it's advisable (like with most scanners) to close unnecessary programs to give it as much space as possible.
    I don't mind if another scanner is quicker, for me the result counts in the first place.
    I see that with the online scanners too: some are ready in no time and others if you let them take hours!
     
  4. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    On scanning any given EXE file, TDS could be running through MANY routines for detecting modified versions of powerful (popular) trojans.

    While some might think it is easy to detect trojans, often there are recompiled private versions that only the trojan writers friends have copies of.. when it comes to any popular trojan we do some further analysis to add increased detection where possible. Just see this page for an example.. we cant put up 5 million screenshots, so I took a new version of SubSeven that had just been released, and a modified Optix Pro server (would probably be undetected to other scanners)

    http://tds.diamondcs.com.au/web/bigscreens.php?screen=Detecting%20Trojans
     
  5. xor

    xor Guest

    And the Screen shoot says again "Good afternoon Gav" :D
    Yes, Hello TDS :D

    *lol* :D
     
  6. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Nice, so you see it is an original!
    I see something more i'll IM Gavin about.


    Michael, i really love TDS saying something nice. I remember in all the terrible shocks and confusion from 9/11 it was only that familiar little voice in my system with the friendly words i have heard thousands of times, all the rest of the world was upside down and so ... ah you know, just that little voice calling my name and asking for bites of my lunch or to add a break on the to-do list, etc... Great feature!
     
  7. blazin

    blazin Guest

    thanks for all the feedback it makes sense :) im starting to like tds a lot but theres also lots of tools in it i havent tried i want to. Since im using the evaluation version whats the limitations of it ? does it still detect as good as registered version?
    thanks
     
  8. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    You can't activate "Execution Protection" in the trial version.
    You have to manually download the updates,in the registered version you click a button to update.
    Those are the limitations that I remember from when I had the evaluation version.
    If there are other differences,someone from DiamondCS or one of the expert users will have to answer that question.

    You're starting to like TDS-3 a lot?
    It is a fun and educational program. ;)

    Some of the more experienced/knowledgable TDS-3 users are very helpful explaining the tools and TDS-3 in general.
     
  9. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Thats about it in real evaluation limits

    Cant load SS3 scripts larger than 5kb, cant use the #INCLUDE variable.. see the back of the help file, registration area for limitations :) This may be out of date unfortunately :(

    For detection, nothing. Trojan removal restrictions ? nothing.
     
  10. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    One limitation is the limitation in time, as registered versions are licensed without time limitations, only the time you need yourself to add to your sleep list, and yeah, the 5kb scripts loading is a limit so you can load several of the example scripts including the UserSubmitted ones (don't forget to try the InnerPeace scrip!) but you can't run for instance the fabulous Screx script (which needs to be extracted in it's own Screx folder but then still is over 5kb), so the registered version adds to your usage only limited by your own imagination.
    And registered users are part of the Licensed TDS Operators Family, with extra access possibilities to that special restricted area in the DCS forums on their site (see URL in my signature).
    So there are a few restrictions in the evaluation version.
     
  11. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hello Blazen, I usually do a full system scan weekly, usually when I go out for the evening. Use the on demand scanner (right click on the target file) for downloaded files. Have TDS do a start up scan - Configuration - with all the Initialisation & Start up scanning boxes enabled, If you do not have an NT based system disable the "Boot TDS process priority NT".

    HTH Pilli
     
  12. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hello,

    Could you please specify this a little bit more concrete? A screenshot would be nice of it, because I have no TDS-3 command when I right-click a file... :p

    Regards,

    Patrice
     
  13. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    In Windows explorer > rightclick on a file or folder > scan with TDS

    Might be you need to edit the registry for proper install of those functions. Others disabled the "scan" for EXE files for instance. Just what people like!
     
  14. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi Jooske,

    you can only scan folders, not files. Is that correct?

    Regards,

    Patrice
     
  15. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Possible, you can edit that in the registry, think somebody ever made a very nice script for that, in the private script forum if i remember well...... and one other to get rid of the scanning exe's .... lot of digging!
     
  16. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Sorry folks, I should have said directory :rolleyes:
     
  17. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi,

    We will NEVER EVER forgive you that! ;) LOL :D

    Hey Jooske, could you find this out for me. I would love just to scan one single file with TDS-3. I wonder if they implement this function in TDS-4... :rolleyes:

    Regards,

    Patrice
     
  18. Tuulilapsi

    Tuulilapsi Registered Member

    Joined:
    Dec 8, 2002
    Posts:
    53
    I don't know about you guys, but I sure can scan single files with TDS-3. And no registry hacks done to achieve it.
     

    Attached Files:

  19. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    o_O o_O o_O

    Now I really begin to wonder... Why the hack don't I have that as well? Anyone else who has the same problem like me? Jooske? Pilli?

    Greetings,

    Patrice
     
  20. blazin

    blazin Guest

    what are these scripts your talking about making and stuff ? what are they used for
     
  21. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    I messed up my registry when i installed during testing TDS from the one computer on the other via the network. So this means when i want to right-click scan anything the TDS on the other computer is started to scan the file on this computer. I'll correct that some day back again!



    Blazin, in TDS > SS3 > Load Script , you will see lots of example scripts. In fact you can do anything wiht them you want, you can write scripts, play other people's scripts and the examples, you can make whole movies, presentations, build databases, emulators, in the registered version you can use the Screx script to emulate trojan servers, you can make it a desktophelper, in the registered version you can play the CokeMachine script with msagents and voice commands, use it as a jukebox, there are no limits, only our imagination and knowledge of scripting. We learn, all together.
    In the private (licensed operators only) part in the DCS forums is a whole part about it.

    As you can produce speech, sounds, colors, start other applications, music, you can do really everything with it.
    Have a script when you call your computer remotely and the script is started with your IR to start your magnetron and when home your dinner is ready, or put a timer script have it Cuckericooo you awake in the morning with fresh coffee and your emails and morning paper collected, etc. Let it pick up the phone for you and send autoresponses, or have it dialing you local store to have your fridge filled.
    What the scripts are for? hmm among others these things. Oh and you can build your custom browser in it. I use it at times if i get into problems after another IE security update.
    And don't forget TDS is for security in the first place, but it has so many more options!
    TDS teaches to be very useful and security can be so much real fun!
     
  22. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hello all,

    this is the solution to all those who can't scan a single file with TDS-3:

    You need these three registry entries on your system (Start -> Run -> Regedit):

    [HKEY_CLASSES_ROOT\*\shell\Scan file with TDS-3\command]
    @="C:\\TDS3\\tds-3.exe -scanf %1"


    [HKEY_CLASSES_ROOT\Drive\shell\Scan drive with TDS-3\command]
    @="C:\\TDS3\\tds-3.exe -scand %1"

    [HKEY_CLASSES_ROOT\Directory\shell\Scan path with TDS-3\command]
    @="C:\\TDS3\\tds-3.exe -scand %1"

    Especially the first one is the one which is responsible for that TDS-3 scans a single file.

    Hope that helps you out as well as it did for me! ;)

    Best regards,

    Patrice

    P.S. Don't forget to replace the above mentioned path with the one which is correct on your system (TDS folder). I'm not responsible for any BSoD or system failures if you change the registry on your computer!
     
  23. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    hmmm Patrice, I, like Tullilapsi, have always had thatright click option on single file without registry hack.
     

    Attached Files:

  24. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi Tassie_Devils,

    I believe you, but I have written this for those who doesn't have this possibility. I think it's because I updated my version to version 3.2.1. Those of you who installed directly the version 3.2.1 won't have this problem I guess. ;)

    Regards,

    Patrice
     
  25. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    You never answered if you have any registry protection / blocker which might have been up while installing TDS.
     
Thread Status:
Not open for further replies.